Vulnerability-Lookup

VAR-202410-0405

Vulnerability from variot - Updated: 2024-10-23 22:43

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rex 300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "5.1.11"
      },
      {
        "model": "mbnet.mini",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.3.1"
      },
      {
        "model": "mbnet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "8.2.1"
      },
      {
        "model": "rex 100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "2.3.1"
      },
      {
        "model": "mymbconnect24",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.16.3"
      },
      {
        "model": "rex 250",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "8.2.1"
      },
      {
        "model": "mbspider mdh 916",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "rex 200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "8.2.1"
      },
      {
        "model": "mbspider mdh 915",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "mbspider mdh 905",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "mbspider mdh 906",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "mbnet hw1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "5.1.11"
      },
      {
        "model": "mbnet.rokey",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "8.2.1"
      },
      {
        "model": "myrex24 v2 virtual server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "2.16.3"
      },
      {
        "model": "mbconnect24",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.16.3"
      },
      {
        "model": "mbnet",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbnet.mini",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbconnect24",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mymbconnect24",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "rex 300",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "myrex24 v2 virtual server",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "rex 100",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "rex 200",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "mbspider mdh 915",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbspider mdh 905",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbnet hw1",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbspider mdh 906",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbspider mdh 916",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "rex 250",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "mbnet.rokey",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "cve": "CVE-2024-45273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-45273",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "info@cert.vde.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "id": "CVE-2024-45273",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-45273",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-45273",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "info@cert.vde.com",
            "id": "CVE-2024-45273",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-45273",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-45273",
        "trust": 2.6
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-056",
        "trust": 1.8
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-068",
        "trust": 1.8
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-069",
        "trust": 1.8
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-066",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "id": "VAR-202410-0405",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5
  },
  "last_update_date": "2024-10-23T22:43:38.071000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-261",
        "trust": 1.0
      },
      {
        "problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-056"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-066"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-068"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-069"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "date": "2024-10-15T11:15:11.940000",
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-18T03:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "date": "2024-10-17T17:41:43.017000",
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      }
    ],
    "trust": 0.8
  }
}

CVE-2024-45273 (GCVE-0-2024-45273)

Vulnerability from cvelistv5 – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:47

Title

MB connect line/Helmholz: Weak encryption of configuration file

Summary

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-261 - Weak Encoding for Password

Assigner

CERTVDE

References

URL

Tags

	https://cert.vde.com/en/advisories/VDE-2024-056
	https://cert.vde.com/en/advisories/VDE-2024-066
	https://cert.vde.com/en/advisories/VDE-2024-068
	https://cert.vde.com/en/advisories/VDE-2024-069

Impacted products

Vendor

Product

Version

MB connect line

mbNET.mini

Affected: 0.0.0 , ≤ 2.2.13 (semver)

MB connect line	mbNET/mbNET.rokey	Affected: 0.0.0 , ≤ 8.2.0 (semver)
MB connect line	mbNET HW1	Affected: 0.0.0 , ≤ 5.1.11 (semver)
MB connect line	mbSPIDER	Affected: 0.0.0 , ≤ 2.6.5 (semver)
MB connect line	mbCONNECT24	Affected: 0.0.0 , ≤ 2.16.2 (semver)
MB connect line	mymbCONNECT24	Affected: 0.0.0 , ≤ 2.16.2 (semver)
Helmholz	REX100	Affected: 0.0.0 , ≤ <= 2.2.13 (semver)
Helmholz	REX200/250	Affected: 0.0.0 , ≤ <= 8.2.0 (semver)
Helmholz	myREX24 V2	Affected: 0.0.0 , ≤ <= 2.16.2 (semver)
Helmholz	myREX24.virtual	Affected: 0.0.0 , ≤ <= 2.16.2 (semver)
Helmholz	REX300	Affected: 0.0.0 , ≤ <= 5.1.11 (semver)

Credits

Moritz Abrell SySS GmbH

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet.mini",
            "vendor": "mb_connect_line",
            "versions": [
              {
                "lessThanOrEqual": "2.2.13",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet_mbnet.rokey",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet_hw1",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "5.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbspider",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.6.5",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbconnect24",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mymbconnect24",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex100",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.2.13",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex_200",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex250",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "myrex24_v2",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "myrex24.virtual",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex300",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "5.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45273",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T18:22:26.955543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:31:20.013Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-16T17:47:04.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "mbNET.mini",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.2.13",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbNET/mbNET.rokey",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbNET HW1",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "5.1.11",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbSPIDER",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.6.5",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbCONNECT24",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mymbCONNECT24",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX100",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.2.13",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX200/250",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 8.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "myREX24 V2",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "myREX24.virtual",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX300",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 5.1.11",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Moritz Abrell"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SySS GmbH"
        }
      ],
      "datePublic": "2024-10-15T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-261",
              "description": "CWE-261: Weak Encoding for Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T10:27:52.208Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
        }
      ],
      "source": {
        "advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
        "defect": [
          "CERT@VDE#641679",
          "CERT@VDE#641695",
          "CERT@VDE#641692",
          "CERT@VDE#641696"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "MB connect line/Helmholz: Weak encryption of configuration file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-45273",
    "datePublished": "2024-10-15T10:27:52.208Z",
    "dateReserved": "2024-08-26T09:19:01.266Z",
    "dateUpdated": "2024-10-16T17:47:04.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202410-0405

CVE-2024-45273 (GCVE-0-2024-45273)

Tags

Sightings

Nomenclature